Post navigation

List of Credit Card Data Breaches by Industry

Updated March 29, 2016. Is your business safe from a credit card data breach? The list below highlights some recent data breaches and the primary cause. While malware reigns as a top cause of payment data breaches, employee theft is still a problem too.

Software & POS companies

Modern Business Solutions (hosting) October 2016, 26-260 million

Staminus – March 2016. Stored card data stolen from hacked server.

Harbortouch POS – ” a small percentage of their restaurants and bars customers”; Malware. May 2015 announced; scope and exposure dates under investigation. 4200 merchants, how many cardholders?

Charge Anywhere LLC, a mobile payments provider. November 2009 and September 2014

Hard Rock Hotel Las Vegas “limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.”

March 2015 Mandarin Oriental Hotel, Malware. Credit card systems in an isolated number of hotels in the US and Europe.

From White Lodging Services Corp- certain Marriott, Holiday Inn, Sheraton and other hotel properties. The breach occurred at food and beverage outlets at 14 hotels, including some operated under the Westin, Renaissance and Radisson names, between March 20 and December 16, 2013.

Travelocity 2013, several employees of a Travelocity service
provider misused certain information, including payment card numbers, for which they had access as part of performing services

Intercontinental Mark Hopkins San Francisco, 2013

Ecommerce

fashiontofigure.com Fashion Figure (B. Lane, Inc.). Has 18 retail stores plus ecommerce store; no clear indication where breach occurred. Reported as Date(s) of Breach (started):Tuesday, May 19, 2015; Date(s) of Discovery of Breach:Friday, October 16, 2015. Fashion Figure is notifying customers of a data breach to their system when they discovered unauthorized access to names, customer ID’s, addresses, phone numbers, email addresses, and credit card information. After investigation, the company found malware installed on their webserver. The web configuration is not known at the time of the breach, and most companies take immediate action to update once discovered; Ecommerce shopping cart is currently Magento with Magento One Page Checkout – Fire Checkout plugin, and authorize.net payment gateway.

http://www.northshorecare.com/ North Shore Care Supply. The information accessed included debit/credit card information, names, addresses, card numbers, verification codes and expiration dates.Online purchases made between June 7, 2015 and August 24, 2015 are at risk. The web configuration is not known at the time of the breach, and most companies take immediate action to update once discovered; Ecommerce shopping cart is currently Magento with iframe authorize.net payment gateway.

Bring It To Me, LLC, 2014. Our online ordering software provider, BigTree Solutions, recently informed us that they identified unauthorized modifications in their software that could potentially allow new payment credit card information entered between October 14, 2013 and January 13, 2014 to have been obtained by an unauthorized user

Smartphone Experts, 2013

Restaurant

Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, Chart House, Rainforest Cafe and Morton’s. Announced December 2015; end to end encryption installed at 92% of locations (was in progress at time of breach, still under investigation)